ONPREM AD sync with different domain

Question

ONPREM AD sync with different domain

naresh m 1

Hi all,
What would be the different options to sync below scenario.

Their is a domain A which has on prem AD and domain B has onprem AD and azure AD connected to sync with AD connect. Now question is how domain B can be synced to on prem AD of domain B or directly to Azure AD of domain B..so that VM from domain A can be migrated to azure tenant of domain B and still access same stuff from domain A .

One way is my establishing trust between domain A and B on prem. Is their any other way using azure AD connect or some other methods.

2 answers

Your answer

Answer 1

Harpreet Singh Matharoo 8,396 Microsoft Employee Moderator

Hello @naresh m

Thank you for reaching out.

Yes, you can sync users from multiple domains, in multiple forests to single Azure AD tenant. When you have multiple forests, all forests must be reachable by a single Azure AD Connect sync server. The server must be joined to a domain. If necessary to reach all forests, you can place the AD Connect server in a perimeter network (also known as DMZ, demilitarized zone, and screened subnet).

Additionally, I would like to confirm that only wat to achieve this would be to have two-way trust between these forests. The Azure AD Connect installation wizard offers several options to consolidate users who are represented in multiple forests/domains. The goal is that a user is represented only once in Azure AD.

You can review following article to get more details on support topologies: Topologies for Azure AD Connect.

Similar question has been answered on following QnA post: Sync multiple on-prem AD Domian to singe Azure AD tenant

I hope this helps.

Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

naresh m 1 Reputation point

2023-01-10T18:54:48.243+00:00

If we follow and sync users in method you mention. Will a user from forest B can login to computer joined in forest A ??
Harpreet Singh Matharoo 8,396 Reputation points Microsoft Employee Moderator

2023-01-11T05:56:15.4633333+00:00

Yes, this is possible. After you have configured the 2-way trust between the two forests/domains and configured the directory sync settings in Azure AD Connect, Domain B users should be able to login to computers joined to Domain A.
Akshay-MSFT 17,956 Reputation points Microsoft Employee Moderator

2023-01-24T10:33:47.9433333+00:00

Hello naresh m,

Hope you got a chance to review the action plan suggested below. Please do let me know if you have any queries in the comments section. If you don't have any further queries and the suggestion works as per your business need. Please "Accept the answer" and "share you feedback (Yes/No)". This will help us and others in the community as well.

Thanks,

Akshay Kaushik
von Itter, Ingo 0 Reputation points

2024-04-05T08:47:54.51+00:00

THanks for the quick comments. The attached Ads are complete independed. There is no AD Trust between. I need a way to "detach" a user from "synced" to "cloud"
von Itter, Ingo 0 Reputation points

2024-04-05T08:49:36.12+00:00

if the User leave CompanyA he dont need to login to a domainjoined PC on CompanyA.

My Focus is only the Entra User

Answer 2

Amit Singh 5,306

The easiest way is configuring the AD account UPNs (User Principal Name) to match the primary emails. If you follow the official guidelines, you should be fine (Prepare a non-routable domain for directory synchronization).

naresh m 1 Reputation point

2023-01-10T18:55:46.143+00:00

Either I didn't understood this solution or I am not sure if this helps me

Share via

ONPREM AD sync with different domain

2 answers

Your answer